Downloading and installing software from the internet onto work computers carries real risk. One way to reduce that risk is to check every external installer against VirusTotal before it is run. VirusTotal reduces the risk but is not bulletproof, so the management of organisational security should also be backed by analysis from a qualified security professional.
A recent case at Citadel involved software that appeared legitimate. On further investigation, the Citadel Security Operations team uploaded the installer to VirusTotal, where only 2 of 73 antivirus engines flagged it as malicious.
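As an added example (not Citadel's tooling and not code from this post), here is a small Python pre-install check that hashes an installer locally, looks the SHA-256 up against the VirusTotal v3 file endpoint, and applies the policy the case above argues for: even a 2-of-73 result is escalated to an analyst rather than treated as clean. The report embedded at the bottom is constructed to mirror that 2-of-73 outcome and is not real VirusTotal data; the engine names in it are placeholders, and VT_API_KEY is an assumed environment variable name.

```python
"""Pre-install check of an installer against VirusTotal (API v3).

Added example, not part of the original post. Looking up a hash leaks nothing
about the file's contents, unlike uploading it, so that is the first step; the
policy below treats ANY malicious/suspicious verdict as a reason to escalate.
"""
import hashlib
import json
import os
import sys
import urllib.request

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an in-memory buffer (used for small inputs and tests)."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file so a large installer never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def fetch_report(sha256: str, api_key: str) -> dict:
    """GET /api/v3/files/{sha256}; only the hash leaves the network."""
    req = urllib.request.Request(VT_FILES_URL + sha256, headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarise(report: dict) -> dict:
    """Reduce a v3 file report to the numbers an analyst asks for first."""
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    results = attrs.get("last_analysis_results", {})
    flagged = sorted(
        f"{engine}: {r.get('result')}"
        for engine, r in results.items()
        if r.get("category") in ("malicious", "suspicious")
    )
    total = sum(stats.get(k, 0) for k in ("harmless", "malicious", "suspicious", "undetected"))
    return {
        "malicious": stats.get("malicious", 0),
        "suspicious": stats.get("suspicious", 0),
        "total": total,
        "flagged": flagged,
    }


def decide(summary: dict) -> str:
    """Policy: a low hit-rate is not a clean bill of health.

    'install'  - no engine objected (still not proof of safety)
    'escalate' - at least one engine objected; hand to an analyst for network
                 and behavioural review before the installer touches a real host
    """
    if summary["malicious"] == 0 and summary["suspicious"] == 0:
        return "install"
    return "escalate"


def check_installer(path: str, api_key: str) -> dict:
    """Hash locally, look the hash up, and return the summary plus the decision."""
    summary = summarise(fetch_report(sha256_of_file(path), api_key))
    summary["decision"] = decide(summary)
    return summary


# Constructed sample (NOT real VirusTotal data), shaped like a v3 file report:
# two engines out of 73 call the file malicious, as in the case above.
SAMPLE_REPORT = {
    "data": {
        "attributes": {
            "last_analysis_stats": {"harmless": 0, "malicious": 2, "suspicious": 0,
                                    "undetected": 71, "timeout": 0},
            "last_analysis_results": {
                "EngineA": {"category": "malicious", "result": "Trojan.Downloader.Generic"},
                "EngineB": {"category": "malicious", "result": "Win32.Agent"},
                "EngineC": {"category": "undetected", "result": None},
            },
        }
    }
}

if __name__ == "__main__":
    # Usage: VT_API_KEY=... python vt_check.py installer.exe
    key = os.environ.get("VT_API_KEY")  # assumed variable name
    if key and len(sys.argv) > 1:
        print(json.dumps(check_installer(sys.argv[1], key), indent=2))
    else:
        s = summarise(SAMPLE_REPORT)
        print(f"{s['malicious']}/{s['total']} engines flagged -> {decide(s)}: {s['flagged']}")
```

The decision rule is deliberately one-sided: averaging verdicts across 73 engines would have waved the installer in the case above through, whereas a single objection is cheap to hand to an analyst.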
Further investigation showed that code within the software beaconed back to an IP address in China, which was highly suspicious given that the software was developed in the United States. The software was then installed on a test machine for further analysis, which showed it attempting to download additional malicious code onto that machine.
Cybercriminals use this technique to pull second-stage malware down onto a machine, execute it, and potentially take control of the computer or the network, with little or no evidence that anything untoward has occurred.
Antivirus products are NOT a silver bullet for detecting malicious activity; a professional defence-in-depth model is essential.